DOCSLIB.ORG

Network Defense and Countermeasures: Principles and Practices Second Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network Defense and Countermeasures: Principles and Practices Second Edition Network Defense and Countermeasures: Principles and Practices Second Edition Chuck Easttom 800 East 96th Street, Indianapolis, Indiana 46240 USA Network Defense and Countermeasures: Practices and Associate Publisher Principles, Second Edition Dave Dusthimer Copyright © 2014 by Pearson Education, Inc. Acquisitions Editor Betsy Brown All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, Managing Editor without written permission from the publisher. No patent liability is assumed with respect Sandra Schroeder to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or Project Editor omissions. Nor is any liability assumed for damages resulting from the use of the information Seth Kerney contained herein. Copy Editor ISBN-13: 978-0-7897-5094-5 Paula Lowell ISBN-10: 0-7897-5094-5 Library of Congress Control Number: 2013948636 Indexer Heather McNeil Printed in the United States of America Proofreader First printing October 2013 Jess DeGabriele Trademarks Technical Editor Ronald Gonzales All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this Publishing Coordinator information. Use of a term in this book should not be regarded as affecting the validity of any Vanessa Evans trademark or service mark. Interior Designer Warning and Disclaimer Gary Adair Every effort has been made to make this book as complete and as accurate as possible, but no Cover Designer warranty or fitness is implied. The information provided is on an “as is” basis. The authors Mark Shirar and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from Compositor the use of the CD or programs accompanying it. Studio Galou, LLC Bulk Sales Pearson IT Certification offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact U.S. Corporate and Government Sales 1-800-382-3419 [email protected] For sales outside of the U.S., please contact International Sales [email protected] Contents at a Glance Preface .......................................................... xi Chapter 1: Introduction to Network Security ........................... 2 Chapter 2: Types of Attacks ........................................ 38 Chapter 3: Fundamentals of Firewalls ................................ 72 Chapter 4: Firewall Practical Applications ............................. 96 Chapter 5: Intrusion Detection Systems ............................. 122 Chapter 6: Encryption Fundamentals ............................... 142 Chapter 7: Virtual Private Networks ................................. 170 Chapter 8: Operating System Hardening ............................ 192 Chapter 9: Defending Against Virus Attacks .......................... 228 Chapter 10: Defending against Trojan Horses, Spyware, and Adware ..... 258 Chapter 11: Security Policies ...................................... 280 Chapter 12: Assessing System Security ............................. 302 Chapter 13: Security Standards .................................... 338 Chapter 14: Physical Security and Disaster Recovery .................. 366 Chapter 15: Techniques Used by Attackers .......................... 376 Chapter 16: Introduction to Forensics ............................... 396 Chapter 17: Cyber Terrorism ...................................... 414 Appendix A: References .......................................... 440 Glossary ....................................................... 444 Index .......................................................... 454 iii Table of Contents Preface .......................................................... xi Chapter 1: Introduction to Network Security 2 Introduction ....................................................... 2 The Basics of a Network ............................................ 3 Basic Network Utilities .............................................. 7 The OSI Model ................................................... 11 What Does This Mean for Security? .................................. 11 Assessing Likely Threats to the Network ............................. 12 Classifications of Threats ........................................... 15 Likely Attacks .................................................... 19 Threat Assessment ................................................ 21 Understanding Security Terminology ................................ 22 Choosing a Network Security Approach .............................. 26 Network Security and the Law ...................................... 27 Using Security Resources .......................................... 29 Test Your Skills .............................................. 30 Chapter 2: Types of Attacks 38 Introduction ...................................................... 38 Understanding Denial of Service Attacks .............................. 39 Defending Against Buffer Overflow Attacks ............................ 55 Defending Against IP Spoofing ...................................... 57 Defending Against Session Hacking .................................. 58 Blocking Virus and Trojan Horse Attacks .............................. 59 Test Your Skills .............................................. 66 Chapter 3: Fundamentals of Firewalls 72 Introduction ...................................................... 72 iv Table of Contents What Is a Firewall? ................................................ 73 Implementing Firewalls ............................................ 80 Selecting and Using a Firewall ...................................... 86 Using Proxy Servers ............................................... 87 Test Your Skills .............................................. 89 Chapter 4: Firewall Practical Applications 96 Introduction ...................................................... 96 Using Single Machine Firewalls ...................................... 97 Windows 7 ...................................................... 98 User Account Control .............................................. 99 Linux Firewalls ................................................... 99 Using Small Office/Home Office Firewalls ............................ 107 Using Medium-Sized Network Firewalls .............................. 110 Using Enterprise Firewalls ......................................... 112 Test Your Skills ............................................. 115 Chapter 5: Intrusion-Detection Systems 122 Introduction ..................................................... 122 Understanding IDS Concepts ...................................... 123 Understanding and Implementing IDS Systems ....................... 126 Understanding and Implementing Honey Pots ........................ 130 Test Your Skills ............................................. 136 Chapter 6: Encryption Fundamentals 142 Introduction ..................................................... 142 The History of Encryption ......................................... 142 Learning About Modern Encryption Methods ......................... 148 Identifying Good Encryption ....................................... 154 Understanding Digital Signatures and Certificates ..................... 155 Understanding and Using Decryption ............................... 158 Table of Contents v Cracking Passwords ............................................. 158 Steganography .................................................. 159 Steganalysis .................................................... 161 Exploring the Future of Encryption .................................. 161 Test Your Skills ............................................. 163 Chapter 7: Virtual Private Networks 170 Introduction ..................................................... 170 Basic VPN Technology ........................................... 171 Using VPN Protocols for VPN Encryption ............................ 172 IPSec .......................................................... 178 SSL ........................................................... 180 Implementing VPN Solutions ....................................... 180 Test Your Skills ............................................. 186 Chapter 8: Operating System Hardening 192 Introduction ..................................................... 192 Configuring Windows Properly ..................................... 193 Configuring Linux Properly ........................................ 214 Patching the Operating System .................................... 216 Configuring Browsers ............................................ 216 Test Your Skills ............................................. 222 Chapter 9: Defending Against Virus Attacks 228 Introduction ..................................................... 228 Understanding Virus Attacks ....................................... 229 Virus Scanners .................................................. 236 Antivirus Policies and Procedures .................................. 248 Additional Methods for Defending Your System ....................... 249 What to Do If Your System Is Infected by a Virus ...................... 249 Test Your Skills ............................................
Load more

Recommended publications
  • Usability and Security of Personal Firewalls
    Usability and Security of Personal Firewalls Almut Herzog^ and Nahid Shahmehri^ Dept. of Computer and Information Science, Linkopings universitet,Sweden {almhe, nahsh}@ida.liu.se Abstract. Effective security of a personal firewall depends on (1) the rule granularity and the implementation of the rule enforcement and (2) the correctness and granularity of user decisions at the time of an alert. A misconfigured or loosely configured firewall may be more dangerous than no firewall at all because of the user's false sense of security. This study assesses effective security of 13 personal firewalls by comparing possible granularity of rules as well as the usability of rule set-up and its influence on security. In order to evaluate usability, we have submitted each firewall to use cases that require user decisions and cause rule creation. In order to evaluate the firewalls' security, we analysed the created rules. In ad­ dition, we ran a port scan and replaced a legitimate, network-enabled application with another program to etssess the firewalls' behaviour in misuse cases. We have conducted a cognitive walkthrough paying special attention to user guidance and user decision support. We conclude that a stronger emphasis on user guidance, on conveying the design of the personal firewall application, on the principle of least privilege and on implications of default settings would greatly enhance both usability and security of personal firewalls. 1 Introduction In times where roaming users connect their laptops to a variety of public, pri­ vate and corporate wireless or wired networks and in times where more and more computers are always online, host-based firewalls implemented in soft­ ware, called personal firewalls, have become an important part of the security armour of a personal computer.
    [Show full text]
  • EC-Council Network Security Administrator (Exam 312-38)
    Product Information Sheet Exam 312-38 EC-Council Network Security Administrator (Exam 312-38) Page | 1 ENSAv4 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Product Information Sheet Exam 312-38 EC-Council NSA is CNSS 4011 Certified The Committee on National Security Systems (CNSS)/National Security Agency (NSA) of the United States of America certified EC-Council’s Network Security Administrator (ENSA) course as having met 100% of the requirements as set out by the Committee on National Security Systems (CNSS) National Standards 4011. This certification is managed by the Information Assurance Courseware Evaluation (IACE) Program, National INFOSEC (Information Security) Education and Training Program and is administered by the U.S. National Security Agency (NSA). The Committee on National Security Systems (CNSS) and National Security Agency (NSA) has developed a nationally recognized certification program based on NSTISSI standards. The CNSS/NSA Certification is a government class certification that is recognized as the National Training Standard for Information Security Professionals Students who have obtained these certifications would have demonstrated a solid grasp of the principles as outlined in the 4011 standard. With this, EC-Council has joined the ranks of the organizations United States Air Force Academy, United States Military Academy, Air Force Institute of Technology and Carnegie Mellon University; all of whom have attained the National Training Standard for Information Security Professionals - the CNSS 4011. Introduction The EC-Council's Network Security Administrator certification looks at the network security in defensive view while the CEH certification program looks at the security in offensive mode. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information.
    [Show full text]
  • Personal Firewalls Are a Necessity for Solo Users
    Personal firewalls are a necessity for solo users COMPANY PRODUCT PLATFORM NOTES PRICE Aladdin Knowledge Systems Ltd. SeSafe Desktop Windows Combines antivirus with content filtering, blocking and $72 Arlington Heights, Ill. monitoring 847-808-0300 www.ealaddin.com Agnitum Inc. Outpost Firewall Pro Windows Blocks ads, sites, programs; limits access by specific times $40 Nicosia, Cyprus www.agnitum.com Computer Associates International Inc. eTrust EZ Firewall Windows Basic firewall available only by download $40/year Islandia, N.Y. 631-342-6000 my-etrust.com Deerfield Canada VisNetic Firewall Windows Stateful, packet-level firewall for workstations, mobile $101 (Canadian) St. Thomas, Ontario for Workstations users or telecommuters 519-633-3403 www.deerfieldcanada.ca Glucose Development Corp. Impasse Mac OS X Full-featured firewall with real-time logging display $10 Sunnyvale, Calif. www.glu.com Intego Corp. NetBarrier Personal Firewall Windows Full-featured firewall with cookie and ad blocking $50 Miami 512-637-0700 NetBarrier 10.1 Mac OS X Full-featured firewall $60 www.intego.com NetBarrier 2.1 Mac OS 8 and 9 Full-featured firewall $60 Internet Security Systems Inc. BlackIce Windows Consumer-oriented PC firewall $30 Atlanta 404-236-2600 RealSecure Desktop Windows Enterprise-grade firewall system for remote, mobile and wireless users Varies blackice.iss.net/ Kerio Technologies Inc. Kerio Personal Firewall Windows Bidirectional, stateful firewall with encrypted remote-management option $39 Santa Clara, Calif. 408-496-4500 www.kerio.com Lava Software Pty. Ltd. AdWare Plus Windows Antispyware blocks some advertiser monitoring but isn't $27 Falköping, Sweden intended to block surveillance utilities 46-0-515-530-14 www.lavasoft.de Network Associates Inc.
    [Show full text]
  • Ethical Hacking and Countermeasures Version 6
    Ethical Hacking and Countermeasures Version 6 Modu le LX Firewall Technologies News Source: http://www.internetnews.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective This modu le will fam iliar ize you wihith: • Firewalls • Hardware Firewalls • Software Firewalls • Mac OS X Firewall • LINUX Firewall • Windows Firewall Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow Firewalls Mac OS X Firewall Hardware Firewalls LINUX Firewall Software Firewalls Windows Firewall Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Firewalls: Introduction A firewall is a program or hardware device that protects the resources of a private netw ork from users of other networks It is responsible for the traffic to be allowed to pass, block, or refuse Firewall also works with the proxy server It helps in the protection of the private network from the users of the different network Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Hardware Firewalls Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Hardware Firewall Har dware Firewa lls are place d in the perime ter of the networ k It employs a technique of packet filtering It reads the header of a packet to find out the source and destination address The information is then compared with the set of predefined and/orand/ or user created rules that determine whether the packet is forwarded or dropped Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Netgear Firewall Features: • ItInterne t shar ing broa dbddband router and 4-port switch • 2x the speed and 4x times the coverage of a Wireless-G router • Configurable for private networks and public hotspots • Double Firewall protection from external hackers attacks • Touchless WiFi Security makes it easy to secure your network Copyright © by EC-Council EC-Council All Rights Reserved.
    [Show full text]
  • Firewalls Firewall I Firewall Sono Una Componente O Un Insieme Di Componenti Che Limitano L'accesso Tra Una Rete Protetta Ed In
    For TIC Pagina 1 di 4 Firewalls Firewall I firewall sono una componente o un insieme di componenti che limitano l'accesso tra una rete protetta ed Internet. Essi proteggono le organizzazioni in Internet fornendo accessi sicuri: garantendo che utenti validi possano accedere alle risorse di rete di cui hanno bisogno. Determinare chi sia un utente valido è compito del sistema di autenticazione; mentre determinare quali risorse un utente possa accedere è compito del sistema di autorizzazione (Access Control). Per fornire meccanismi di Access Control, un firewall richiede una comprensione profonda dei servizi e delle applicazioni utilizzati in rete. Ci sono fondamentalmente due tipi di firewall, quelli personali e quelli commerciali. I firewall personali I firewall personali sono programmi che proteggono un computer quando questo è collegato ad una rete. Un personal firewall analizza i canali di comunicazione, negando l'elaborazione del traffico ritenuto rischioso sia in ingresso che in uscita. Di seguito si analizzano le caratteristiche di alcuni prodotti molto diffusi e si riassumono le caratteristiche comparate, in una tabella. z Tiny Personal Firewall è un prodotto facile da configurare ed utilizzare che protegge completamente un computer dagli attacchi. Tiny Personal Firewall include dei wizard semplici per il rilevamento delle intrusioni che individuano attività sconosciute e chiedono all'utente di impostare i parametri del firewall. Appositi wizard rilevano i tentativi di connessione alle porte di comunicazione e creano delle regole di filtering in base all'indicazioni dell'utente. Per garantire che dei cavalli di Troia non si nascondano all'interno di applicazioni viene utilizzata la firma digitale con algoritmo MD5.
    [Show full text]
  • "Service Unavailable" Error, Contact Norton at to Find out How to Configure It Correctly
    Service Unavailable, Offline, or Action Cancelled errors When I try to sign in to RealPlayer, I get a "Service Unavailable," "You are currently offline," or "Action cancelled" error. How can I fix this? You may need to unblock the program in your computer's firewall if: - You get a 'Service Unavailable' or 'you are working offline, click here to refresh' error while trying to sign in or view pages, or an 'Action cancelled' message when you try to play a clip (or view a live video feed such as Big Brother). - It is having problems retrieving CD information Norton, McAfee, ZoneAlarm, Freedom, BlackIce, Windows Firewall, and Microsoft ISA server are some of the most common brands of firewall software. Instructions for these follow: Norton Firewall: 1. Close the program. 2. Double-click the Norton Firewall icon in the Windows task bar. 3. Click the Configure button on the right side. 4. Click the Program Control tab at the top. 5. Locate the program (RealPlayer or Rhapsody). 6. Highlight and click Remove. 7. Close Norton Personal Firewall. 8. Open the program and you will get a prompt to grant access to the Internet. 9. Choose Permit and check Always use this action. 10. Restart the computer. If you are still receiving a "Service Unavailable" error, contact Norton at http://www.symantec.com/techsupp/ to find out how to configure it correctly. McAfee Personal Firewall: There are two possible methods for McAfee Personal Firewall. You can choose either one: First method: 1. Double-click the firewall icon in the Windows task bar.
    [Show full text]
  • Paul Collins Status Name/Startup Item Command Comments X System32
    SYSINFO.ORG STARTUP LIST : 11th June 2006 (c) Paul Collins Status Name/Startup Item Command Comments X system32.exe Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field X pathex.exe Added by the MKMOOSE-A WORM! X svchost.exe Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder X SystemBoot services.exe Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder X WinCheck services.exe Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder X Windows services.exe Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder X WinStart services.exe Added by the SOBER.O WORM! Note - this is not the legitimate
    [Show full text]
  • Firewall Deployment for Scada and Process Control Networks Good Practice Guide
    FIREWALL DEPLOYMENT FOR SCADA AND PROCESS CONTROL NETWORKS GOOD PRACTICE GUIDE 15 FEBRUARY 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) – a predecessor organisation to the Centre for the Protection of National Infrastructure (CPNI). Hyperlinks in this document may refer to resources that no longer exist. Please see CPNI’s website (www.cpni.gov.uk) for up-to-date information. Disclaimer Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI. The views and opinions of authors expressed within this document shall not be used for advertising or product endorsement purposes. To the fullest extent permitted by law, CPNI accepts no liability for any loss or damage (whether direct, indirect or consequential and including, but not limited to, loss of profits or anticipated profits, loss of data, business or goodwill) incurred by any person and howsoever caused arising from or connected with any error or omission in this document or from any person acting, omitting to act or refraining from acting upon, or otherwise using, the information contained in this document or its references. You should make your own judgement as regards use of this document and seek independent professional advice on your particular circumstances. Firewall Deployment for SCADA and Process Control Networks Revision History Revision Date Author(s) Description 0.1
    [Show full text]
  • “...Let's Go to Our Mail...”
    “...let's go to our mail...” See what our users have to say about our solutions. Comodo customers are happy customers. Whether about our free, top-of-the- list Firewall Pro or our very place in the Certification Authority industry, both business professionals and PC owners alike are flooding our online forums with their thoughts and thanks. But don't take Comodo's word for it, read them for yourself. To preserve the individual tone of each message and the personality of the forum member, we've taken these messages directly from our web site with no content editing. We've divided them by subject, so jump to the one that interests you most, or start at the top. Comodo Firewall Pro BOClean Free products Trust CAVS VerificationEngine Comodo as a sought-after trust brand Customer support and forums SSL certificates Anti -spam Comodo Firewall Pro Our free Firewall Pro, named "Online Editor's Choice" by PC Magazine and ranked #1 in Matousec's leaktest of top firewalls. ----------------------------------------------------------------------------------------------------------------------------------- Special thanks for providing a Free download ‘firewall’. I have replaced your competitor's firewall, which had been giving me nothing but trouble. Since installing yours, things have been running very smoothly at this end, with no problems. The computer seems much quicker (if possible)! Thanks again. Wayne Morris South Australia. ----------------------------------------------------------------------------------------------------------------------------------- Hi. My name is Tom. I use Comodo Firewall on my desktop and am in absolute love with it. It's an awesome job you guys did, it really is! :D Now, I have a laptop and I have Windows Vista on it.
    [Show full text]
  • Cehv6 Program Guide.Indd
    Page 1 Ethical Hacking and Countermeasures http://www.eccouncil.orghttp://www.eccouncil.org EC-CouncilEC-Council TM Page 2 CEH Certified Ethical Hacker http://www.eccouncil.org EC-Council Table of Contents Page 3 What is New in CEHv6? .............................................. Page 4 CEHv6 Fact Sheet ........................................................ Page 5 CEH Training Program ................................................ Page 9 Course Outline ............................................................ Page 10 Classroom Lecture Hours ............................................ Page 159 CEHv6 Labs ............................................................... Page 162 Module Briefi ng .......................................................... Page 178 CEHv6 Exam Objectives ............................................ Page 193 http://www.eccouncil.org EC-Council Lets’ Stop the Hackers Menace. Master the Hacking Technologies. Become a CEH. Page 4 http://www.eccouncil.org EC-Council CEH v6 Fact Sheet Page 5 1. What is the nature of the course change? CEHv6 has been updated with tons of new hacking tools, new hacking techniques and methodologies. The fl ow of the content is the same except each module is refreshed with more content. There are advanced modules added to the curriculum like Writing Windows Exploits, Reverse Engineering, Covert Hacking and Advanced Virus Writing Skills. The slides are updated to make them more presentable. There are over 67 modules in CEHv6. 2. Are there accompanying certifi cation changes? The CEHv6 exam will be available at Prometric Prime, Prometric APTC and VUC Centers on November 5th 2008. The old CEHv5 exam will still be available until June 3rd 2009. 3. How much will the new exam cost? The updated CEH v6 will cost USD 250. 4. What is the duration of the exam? The exam will be 4 hours with 150 questions. The passing score is 70% 5.
    [Show full text]
  • HOW to USE THIS DOCUMENT: Buying Programs
    ___________________________________________________________________________________ HOW TO USE THIS DOCUMENT: You can find a key word to use in your search on the repository. • You can use Ctrl + F to search this entire document. • You can also jump to a particular group and manually scroll. Buying Programs Which includes: Express Buying Program Certificate Services Which includes: MPKI for SSL; SSL Certificate; Roots and Audits; Managed PKI (MPKI) Online Services Which includes: CloudSOC (CASB) (formerly Elastica); Web Security Service; DLP Cloud; VIP; Cyber Security Services Education and Technical Services Which includes Customer Success; Training Consumer Software Which includes Norton Enterprise Software Which includes SEP and ATP Version 2019.09.20 ___________________________________________________________________________________ Buying Programs Use These Key Word To Look for These Associated Documents Express Buying Program • Express Buying Program Terms and Conditions [Back to Top] Version 2019.09.20 ___________________________________________________________________________________ Certificate Services Symantec completed its divestiture of its certificate services to DigiCert on October 31, 2017. For standard agreements, service descriptions, audit reports and root policies relevant to the Certificate Authority business (including Symantec, Thawte, GeoTrust, and RapidSSL), please visit the Certificate Authority Repository. [Back to Top] Version 2019.09.20 ___________________________________________________________________________________
    [Show full text]
  • Virtual Private Network (VPN) 2.0 User Guide
    Virtual Private Network (VPN) 2.0 User Guide Issue 1 Revision 3 Date 30-Sep-2009 Issued by ITSD © MTR CORPORATION LIMITED 2009. All rights reserved. Reproduction of this work or any party of it by whatever means is not permitted without the prior written consent of MTR Corporation Limited. All content of this material including the text, images and graphics, is confidential and is the property of MTR Corporation Limited and protected by law. You must not disclose this material in whole or in part to third parties without the authorisation of MTR Corporation Limited and you may only use the materials for the purpose agreed with or authorized by MTR Corporation Limited. VPN 2.0 User Guide USER GUIDE OF VPN VERSION 2.0 1 Introduction Internet remote access have been enhanced in version 2.0 of Virtual Private Network (VPN) and Internet Webmail using Microsoft Outlook Web Access (OWA) services to strengthen information security protections to mitigate risks of virus attack and inadvertent disclosure of sensitive information associated with remote access. This document describes the enhancements of this new version and what you have to do about them. The new enhancements include: y One-time-password (OTP) token y Security compliance test 1.1 One-time-password (OTP) token To protect our VPN and Internet OWA users, ITSD has introduced a security device. This device generates a security code (called passcode), which you must use in addition to your normal username and password to gain access to VPN and Internet OWA. ITSD will progressively issue OTP tokens to VPN and Internet OWA users.
    [Show full text]